What is Identity Protection?


In this tutorial, we will learn about Identity Protection and its related services.

Identity Protection is a tool that allows organizations to accomplish three key tasks:

  • Automating the detection and remediation of identity-based risks.
  • Investigating risks using data in the portal.
  • Exporting risk detection data to third-party utilities for further analysis.

Identity Protection uses the learnings Microsoft has acquired from its position in organizations with Azure AD, in the consumer space with Microsoft Accounts, and in gaming with Xbox to protect your users. The signals generated by and fed to Identity Protection can be further fed into tools like Conditional Access to make access decisions, or fed back to a security information and event management (SIEM) tool for further investigation based on your organization’s enforced policies.

Risk detection and remediation

Identity Protection identifies risks in the following classifications:

[Image: Identity Protection risk classifications. Image source: Microsoft]

The risk signals can trigger remediation efforts such as requiring users to perform Azure AD Multi-Factor Authentication or reset their password using self-service password reset, or blocking access until an administrator takes action.

Risk investigation

Administrators can review detections and take manual action on them if needed. There are three key reports that administrators use for investigations:

  • Risky users
  • Risky sign-ins
  • Risk detections

Risk levels

Identity Protection categorizes risk into three tiers: low, medium, and high. While Microsoft does not provide specific details about how risk is calculated, each level brings higher confidence that the user or sign-in is compromised. For example, one instance of unfamiliar sign-in properties for a user might not be as threatening as leaked credentials for another user.

Exporting risk data

Data from Identity Protection can be exported to other tools for archiving and for further investigation and correlation. The Microsoft Graph-based APIs allow organizations to collect this data for further processing in a tool such as their SIEM.
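
The export path described above, as an added example (not code from Microsoft or from this tutorial): a Python sketch that walks paged results shaped like the Microsoft Graph `riskDetections` collection and emits one JSON line per detection at or above a chosen risk level, ready for SIEM ingestion. The sample records, the page keys, the `fetch` callable and the output field names are constructed assumptions; in production `fetch` would be an authenticated GET against Microsoft Graph.

```python
import json

# Order of the three tiers the page names; other values (e.g. "none") rank 0.
LEVEL_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed sample data shaped like paged Microsoft Graph riskDetections
# responses; users, IPs, ids and page keys are invented for illustration.
SAMPLE_PAGES = {
    "page1": {
        "value": [
            {"id": "det-001", "userPrincipalName": "alice@example.com",
             "riskEventType": "unfamiliarFeatures", "riskLevel": "low",
             "riskState": "atRisk", "detectedDateTime": "2024-01-10T08:15:00Z",
             "ipAddress": "203.0.113.10"},
            {"id": "det-002", "userPrincipalName": "bob@example.com",
             "riskEventType": "leakedCredentials", "riskLevel": "high",
             "riskState": "atRisk", "detectedDateTime": "2024-01-10T09:02:00Z",
             "ipAddress": None},
        ],
        "@odata.nextLink": "page2",  # paging pointer, here a dict key
    },
    "page2": {
        "value": [
            {"id": "det-003", "userPrincipalName": "carol@example.com",
             "riskEventType": "unfamiliarFeatures", "riskLevel": "medium",
             "riskState": "remediated", "detectedDateTime": "2024-01-11T14:40:00Z",
             "ipAddress": "198.51.100.7"},
        ],
    },
}

def iter_detections(fetch, url):
    """Yield every detection, following @odata.nextLink until it is absent."""
    while url:
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

def to_siem_lines(detections, min_level="medium"):
    """Return NDJSON lines for detections at or above min_level, oldest first."""
    floor = LEVEL_RANK[min_level]
    kept = [d for d in detections if LEVEL_RANK.get(d.get("riskLevel"), 0) >= floor]
    kept.sort(key=lambda d: d["detectedDateTime"])
    return [json.dumps({"source": "identity-protection", "detection_id": d["id"],
                        "user": d["userPrincipalName"], "type": d["riskEventType"],
                        "level": d["riskLevel"], "state": d["riskState"],
                        "time": d["detectedDateTime"], "ip": d.get("ipAddress")},
                       sort_keys=True) for d in kept]

if __name__ == "__main__":
    for line in to_siem_lines(iter_detections(SAMPLE_PAGES.__getitem__, "page1")):
        print(line)
```

Dropping the `@odata.nextLink` loop is the usual way such exports silently lose detections, so the pager is kept separate from the filter and can be checked on its own.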


Reference: Microsoft Documentation
